Blog / Cryptomator Hub 1.4.0: More Trust, More Control, More Transparency

2025-04-15

With the release of version 1.4.0, Cryptomator Hub receives a major feature upgrade that offers more control and transparency — while also improving the overall user experience.

At the heart of this release are a new Web of Trust, finer-grained permission management, extended audit logging, and deeper insights into user profiles.

Let’s take a closer look at what’s new!

Web of Trust: Mutual Verification for Better Security

Hub 1.4.0 WoT

One of the highlights of this release is the new Web of Trust (WoT). Users can now mutually verify each other’s identities by signing public keys. This creates a network of trust that protects against the injection of manipulated or forged public keys.

This feature directly addresses so-called “key injection” risks and strengthens the protection of sensitive data across organizations.

The verification process is based on a simple but effective principle: Only when a person’s public key is confirmed by trusted peers is their identity considered verified.

Admins can configure how many verifications are required.

New Create-Vaults Role: Granular Permissions for Vault Creation

With the introduction of the new create-vaults role, admins now have full control over who is allowed to create new vaults within the organization.

Previously, this permission was available to all users by default — now, admins can specify whether only certain teams, individuals, or everyone should have access to this feature.

Especially in large organizations, this is a key improvement for maintaining order and managing infrastructure growth in a more controlled way.

Audit Log: Even More Precise Activity Tracking

Hub 1.4.0 Audit Log

Monitoring security-relevant actions is a key responsibility in IT operations. With version 1.4.0, the audit log becomes even more powerful:

  • Filter by event type: You can now filter audit log entries by type — such as key changes, access attempts, or account activity — to quickly isolate relevant data during incidents.
  • New events: Several new event types were added to better capture security-critical actions.
    • Register Device – A user registered a new device, e.g., Cryptomator app or browser session.
    • Remove Device – A user removed a device.
    • Signed Identity – A user signed another user’s identity.
    • Account Key Changed – A user regenerated their account key, which also affects user keys.
    • Reset User Account – A user reset their account.
    • User Keys Change – A user changed their keys, e.g., during initial setup or account key updates.
    • Claim Vault Ownership – A user claimed ownership of a vault that was created with a Hub version prior to 1.3.0 using the Vault Admin Password.
  • Retrieve Vault Key event enhanced: This audit event now includes the IP address and device ID — making it easier to trace who unlocked a vault and from which device.

More Transparency in User Profile

Hub 1.4.0 Profile View

The user interface has also been updated to offer more transparency about devices and access patterns:

  • Legacy devices: Users can now see if they’re still using devices linked to vaults created with older versions of the Hub. This helps with migrations to the current user-key-based encryption introduced in version 1.3.0.
  • Last IP and vault access timestamp: The device overview now shows the last known IP address and the most recent vault access timestamp for each device — ideal for identifying suspicious activity.

New Languages and Improved Usability

  • More language support: Cryptomator Hub is now available in Dutch, French, Italian, Korean, Portuguese, and Turkish — making it even more accessible for international teams.
  • Language preference is preserved: Your selected language setting is now saved in your user profile and no longer resets after logout.

Provenance Attestation for Container Images

A frequently overlooked but critical area of security is the authenticity of software containers. Starting with version 1.4.0, we now publish provenance attestations for our container images.

These attestations document the origin and integrity of our images and provide additional assurance for automated deployments and CI/CD pipelines.

Full Changelog

All technical details, fixes, and improvements can be found in the release notes and the new CHANGELOG file.

Closing Remarks

Cryptomator Hub 1.4.0 is a release that builds trust — through greater visibility, more refined controls, and solid technical foundations.

Whether it’s security management, role-based permissions, or user-facing transparency: This update lays the groundwork for even more robust data infrastructures in organizations that take encryption seriously.